Tuesday, December 31, 2013

Hackers are finding SD cards to be more interesting than imagined


Putting malicious code on USB thumb drives are an old hack.  But putting malicious code on SD cards have become a new trend.

While MicroSD cards are becoming less common with mobile devices, many phones and tablets rely on some kind of a version of the SD storage format.

There is a high probability that these cards will be plugged into a computer at some point, which could be detrimental to the health of your mainframe.

SD cards have their own micro-controllers and allow you to manipulate them as you please.

The Bunnie Studios team explained that SD cards can’t exist in their current state without some form of on-board micro-controller.  The failure rate for cheap storage is very high, these tiny ARM CPUs have assigned error correction tasks to fight failure rates.

SD cards are micro-porcessors that need a firmware loading mechanism.  Usually the factory is the only one that can exploit the code, but in time, code is usually able to be overwritten.

In a hack demonstration at 30C3, researchers reversed-engineered the instruction set of a mico-controller to access the firmware loading mechanism.  The SD card appeared to operate normal while hacking a PC or mobile device.  This included Wi-Fi equipped cameras it was plugged into.

With across the board usage of SD and microSD card slots, this could turn out to be a very profitable hack.


The above are commands available on the SD card.

Computers don’t have anyway to inspect code running on an SD card before it interacts your PC.  A “Man in the Middle” attack is easily able to be put on your PC.

There is no way to be sure that any information has been removed from the program that may have grabbed information from your computer.

If you ever discover an SD card that’s been reprogrammed or misbehaving, immediately take it out and destroy it.

When stumbling across something that is on one hand a concerning issue, but on the other hand somewhat intriguing, people may not know what action to take.

It’s possible for malicious code to be carried out on these SD cards, be watchful of an attack.

Unless you are working in a secure environment, the random chance of having an affected SD card is likely.

Like the adage, never take candy from a stranger, never use someone else’s SD card.  You don’t know what you may be really getting.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+


Hackers discover SD cards are a lot more interesting than previously imagined – Geek

SD cards hacked – ZDNet

No comments:

Post a Comment